Management ACLs
CN4093 Application Guide for N/OS 8.2
Management ACLs (MACLs) filter inbound traffic, i.e. traffic toward the CPU.
MACLs are applied switch‐wide. Traffic can be filtered based on the following:
IPv4 source address
IPv4 destination address
IPv4 protocols
TCP/UDP destination or source port
Lower MACL numbers have higher priority. Up to 128 MACLs can be configured.
Following is an example MACL configuration based on a destination IP address
and a TCP‐UDP destination port:
CN4093(config)# access-control macl 1 ipv4 destination-ip-address 1.1.1.1 255.255.255.0
CN4093(config)# access-control macl 1 tcp-udp destination-port 111 0xffff
CN4093(config)# access-control macl 1 statistics
CN4093(config)# access-control macl 1 action permit
CN4093(config)# access-control macl 1 enable
Use the following command to view the MACL configuration:
CN4093(config)# show access-control macl 1
MACL 1 profile : Enabled
  IPv4
    - DST IP     : 1.1.1.1/255.255.255.0
  TCP/UDP
    - DST Port   : 111/0xffff
  Action         : Permit
  Statistics     : Enabled
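The following Python model is an added illustration, not code from the guide or from the switch. It shows which packets the example MACL selects and how numbering decides between overlapping entries. Assumptions: address and port fields use conventional bitwise value/mask matching, MACL 2 and its deny action are constructed for the example, and a packet that matches no MACL returns None because this page does not state what happens in that case.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Macl:
    number: int                      # lower number = higher priority
    action: str                      # "permit", or "deny" (constructed here)
    dst_ip: Optional[str] = None     # None = field not configured (wildcard)
    dst_ip_mask: str = "255.255.255.255"
    dst_port: Optional[int] = None
    dst_port_mask: int = 0xFFFF
    enabled: bool = True

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        # Assumed semantics: compare only the bits selected by the mask.
        if self.dst_ip is not None:
            mask = int(ipaddress.IPv4Address(self.dst_ip_mask))
            want = int(ipaddress.IPv4Address(self.dst_ip)) & mask
            if int(ipaddress.IPv4Address(dst_ip)) & mask != want:
                return False
        if self.dst_port is not None:
            if dst_port & self.dst_port_mask != self.dst_port & self.dst_port_mask:
                return False
        return True

def evaluate(macls, dst_ip, dst_port):
    """Return (number, action) of the deciding MACL, or None if none match."""
    for m in sorted(macls, key=lambda m: m.number):
        if m.enabled and m.matches(dst_ip, dst_port):
            return (m.number, m.action)
    return None

# MACL 1 mirrors the configuration above; MACL 2 is constructed.
RULES = [
    Macl(2, "deny", dst_port=96, dst_port_mask=0xFFE0),  # ports 96-127
    Macl(1, "permit", dst_ip="1.1.1.1", dst_ip_mask="255.255.255.0",
         dst_port=111, dst_port_mask=0xFFFF),
]

if __name__ == "__main__":
    for ip, port in [("1.1.1.1", 111), ("1.1.1.200", 111),
                     ("1.1.2.1", 111), ("1.1.1.1", 22)]:
        print(ip, port, evaluate(RULES, ip, port))
```

Under these assumptions the 255.255.255.0 mask makes MACL 1 cover every destination in 1.1.1.0/24 on port 111, not only 1.1.1.1.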